As I have been really interested in the security debate I was really saddened by the post from a member of the IE team, Peter Torr. I didn’t follow the whole Slashdot debate. If this is what the IE team worries about, IE will never ever get fixed. His whole point of view I would summarize this way: IE is more secure because IE provides a better trust model through signed code. His points about the trust model are accurate. I too have cursed under my breath each time I installed “supported extension” to mozilla that wasn’t signed. However, since the trust model has been in place for some time in IE my rebuttal is this.
The way hackers have exploited vulnerabilities in IE has not been helped by an stronger trust model.
The end result is that while IE may attempt to look like a great white shining castle with numerous motes and gates, the hackers have quickly figured out how to search for the open ductwork and avoid the defenses entirely.